January 21, 2019|
Enterprise Encryption – Still Critical, Still Lagging
While encryption options abound, many enterprises unfortunately still aren’t embracing encryption as standard practice for protecting their data. New research we commissioned from UBM reveals that IT’s concerns about performance and integration being too cumbersome for users deters adoption of this technology, even in an era of rampant breaches. A few key learnings include:
- Almost two-thirds of respondents (IT and security professionals) rely on their organization’s employees to follow security policies in order to ensure the security of distributed files
- Only 35 percent of respondents build encryption into security processes and procedures across the board, while others cite deployment difficulties as the reason encryption is deprioritized
- Digital rights management is only used by 26 percent of respondents; yet despite the known weaknesses, antivirus is predominantly regarded (97 percent) as the main preventative security technology
- Sixty one percent see compliance obligations, rather than a desire to protect user data, as the driver for adopting encryption.This suggests an attitudinal perspective that’s not necessarily user-first–an interesting dichotomy in light of new regulations like GDPR, CCPA and others.
The reticence to use encryption matters on two fronts. With escalating cyber threat, there is growing risk of intrusion and breach inside the firewall; yet the study findings show that defense-in-depth strategies aren’t working as they should. Even harder to defend is the ever-expanding spread of data outside of one’s defendable network perimeter. That involves everything from cloud collaboration services to email attachments and many other ways that data goes on a journey. A full sixty nine percent of respondents report being “very concerned” about their lack of control when files are sent outside of the network or placed in a collaborative cloud environment. Just 26 percent felt they could quickly locate and revoke access to lost or stolen files.
In fact it is very challenging to follow where sensitive files might go. Forty one percent of respondents attempt to control the problem by banning the use of cloud collaboration; it’s not too much of a stretch to think that resourceful users will find ways around that, especially when there is urgency around getting their work done. But there are new ‘always-on’ file security technologies that track, audit and manage access in real time which can put enterprises back in control of their data. A big majority of respondents (67 percent) believe that such a file security technology would be a very useful tool for their data protection efforts.
Currently, Information Rights Management (IRM) tools, which impose some access restrictions, are used by only 19 percent of respondents; but these tools can’t cover all types of files or integrate into all of the different products and services an organization typically uses. They also tend to be cumbersome for the IT or security teams to manage. Vera offers an innovative alternative, with our content and storage-agnostic platform that secures any type of digital content anywhere it’s stored. We’re also proud to take IRM to a more robust level with our IRM-as-a-Service platform that allows custom and legacy applications to control encryption, tracking, access control and policy enforcement.
With Vera, enterprises can enjoy all the benefits of data sharing and collaboration without burdening users with difficult-to-use controls. Users can set, collaborate, track, view only, or watermark and view only simply and quickly on any file; any permission can be revoked at any time, regardless of where the file is. This level of control mitigates common incidents that can lead to a breach.
As the study shows, encryption still faces many challenges that will likely impact its viability as a widely chosen solution for a long while to come. Always-on file security offers a powerful, elegant yet simple solution to put enterprises back in control of their data.
Access the full findings report here.